PRAGMATIC Security Metrics by W. Krag Brotby, Gary Hinson
Information Technology / Security & Auditing / Business Management
Other books on information security metrics discuss number theory and statistics in academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security Metrics: Applying Metametrics to Information Security breaks the mold. This is the ultimate how-to-do-it guide for security metrics.

Packed with time-saving tips, the book offers easy-to-follow guidance for those struggling with security metrics. Step by step, it clearly explains how to specify, develop, use, and maintain an information security measurement system (a comprehensive suite of metrics) to help:

• Security professionals systematically improve information security, demonstrate the value they are adding, and gain management support for the things that need to be done
• Management address previously unsolvable problems rationally, making critical decisions such as resource allocation and prioritization of security relative to other business activities
• Stakeholders, both within and outside the organization, be assured that information security is being competently managed.

The PRAGMATIC approach lets you hone in on your problem areas and identify the few metrics that will generate real business value. The book:

• Helps you figure out exactly what needs to be measured, how to measure it, and most importantly, why it needs to be measured
• Scores and ranks more than 150 candidate security metrics to demonstrate the value of the PRAGMATIC method
• Highlights security metrics that are widely used and recommended, yet turn out to be rather poor in practice
• Describes innovative and flexible measurement approaches such as capability maturity metrics with continuous scales
• Explains how to minimize both measurement and security risks using complementary metrics for greater assurance in critical areas such as governance and compliance

In addition to its obvious utility in the information security realm, the PRAGMATIC approach, introduced for the first time in this book, has broader application across diverse fields of management including finance, human resources, engineering, and production—in fact any area that suffers a surplus of data but a deficit of useful information.
View the authors’ website and blog at: www.securitymetametrics.com
ISBN: 978-1-4398-8152-1
Preface by M. E. Kabay, PhD, CISSP-ISSMP
PRAGMATIC Security Metrics: Applying Metametrics to Information Security
W. Krag Brotby and Gary Hinson
www.crcpress.com
www.auerbach-publications.com
OTHER INFORMATION SECURITY BOOKS FROM AUERBACH

Asset Protection through Security Awareness, by Tyler Justin Speed (ISBN 978-1-4398-0982-2)
The CISO Handbook: A Practical Guide to Securing Your Company, by Michael Gentile, Ron Collette, and Thomas D. August (ISBN 978-0-8493-1952-5)
CISO's Guide to Penetration Testing: A Framework to Plan, Manage, and Maximize Benefits, by James S. Tiller (ISBN 978-1-4398-8027-2)
Cybersecurity: Public Sector Threats and Responses, Kim J. Andreasson, Editor (ISBN 978-1-4398-4663-6)
Cyber Security Essentials, James Graham, Editor (ISBN 978-1-4398-5123-4)
Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS, by Tyson Macaulay and Bryan L. Singer (ISBN 978-1-4398-0196-3)
Cyberspace and Cybersecurity, by George Kostopoulos (ISBN 978-1-4665-0133-1)
Data Mining Tools for Malware Detection, by Mehedy Masud, Latifur Khan, and Bhavani Thuraisingham (ISBN 978-1-4398-5454-9)
Defense against the Black Arts: How Hackers Do What They Do and How to Protect against It, by Jesse Varsalone and Matthew McFadden (ISBN 978-1-4398-2119-0)
Digital Forensics for Handheld Devices, by Eamon P. Doherty (ISBN 978-1-4398-9877-2)
Electronically Stored Information: The Complete Guide to Management, Understanding, Acquisition, Storage, Search, and Retrieval, by David R. Matthews (ISBN 978-1-4398-7726-5)
FISMA Principles and Best Practices: Beyond Compliance, by Patrick D. Howard (ISBN 978-1-4200-7829-9)
Information Security Governance Simplified: From the Boardroom to the Keyboard, by Todd Fitzgerald (ISBN 978-1-4398-1163-4)
Information Technology Control and Audit, Fourth Edition, by Sandra Senft, Frederick Gallegos, and Aleksandra Davis (ISBN 978-1-4398-9320-3)
Managing the Insider Threat: No Dark Corners, by Nick Catrantzos (ISBN 978-1-4398-7292-5)
Noiseless Steganography: The Key to Covert Communications, by Abdelrahman Desoky (ISBN 978-1-4398-4621-6)
Secure and Resilient Software: Requirements, Test Cases, and Testing Methods, by Mark S. Merkow (ISBN 978-1-4398-6621-4)
Security De-Engineering: Solving the Problems in Information Risk Management, by Ian Tibble (ISBN 978-1-4398-6834-8)
The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Second Edition, by Douglas Landoll (ISBN 978-1-4398-2148-0)
The 7 Qualities of Highly Secure Software, by Mano Paul (ISBN 978-1-4398-1446-8)
Smart Grid Security: An End-to-End View of Security in the New Electrical Grid, by Gilbert N. Sorebo and Michael C. Echols (ISBN 978-1-4398-5587-4)
AUERBACH PUBLICATIONS
www.auerbach-publications.com
To Order Call: 1-800-272-7737 • Fax: 1-800-374-3401
E-mail: orders@crcpress.com
PRAGMATIC Security Metrics: Applying Metametrics to Information Security
Preface by M. E. Kabay, PhD, CISSP-ISSMP
W. Krag Brotby and Gary Hinson